the requirement of auth doesn't stop anything, it just makes it possible to restrict access to DMs that must have matching pubkeys in them

authing is basically free, all clients already sign events, that's all auth is

all it means is you have to join the hype train to drive all the clients to implement auth

of course there will have to be rate limiting on access to DMs especially when the same ones are asked for more than a few times, this is a little extra logic but a small price to pay for normalising both protecting confidentiality of DMs and the concept of relays as a service instead of a spam target to grind to the ground and shut down when it publishes things you don't like